I have a collection of smallish internal-facing apps sitting on a server. I have been asked to 'secure' these apps.

The apps currently:

+ provide HTTP service to clients
+ make use of a number of internal SOAP services
+ use LDAP (Active Directory) for user authentication

The various apps are written in Java, Groovy and Python.

Rather than hack each app, I would like to take a more system-based approach and completely interpose nginx between them and the rest of the world: I would like to have the apps ONLY talk to nginx on localhost and have nginx stand in for the apps. All (certificate) management will then be centralised. I assume that nginx will be more efficient at handling SSL/TLS as well...

I believe that I can use nginx (...there seem lots of example materials) to handle:

* reverse proxy https(from world) -> http(to localhost) for client access
* forward proxy SOAP(over http, from localhost) -> SOAP(over https, to world) with mutual authentication

I am unsure of the LDAP->LDAPS aspect. Is this possible? Are there any HOWTO documents/pages/blogs/... detailing this? I have seen very few examples of how this might happen.

I tried to replicate:

https://jackiechen.blog/2019/01/24/nginx-sample-config-of-http-and-ldaps-reverse-proxy/

This gave me errors about ssl_certificate not being usable at the specific location in the config file. I assume new versions of nginx use a slightly different config file format?

Suggestions/thoughts gratefully received.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
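The LDAP -> LDAPS leg asked about above can be expressed with nginx's stream (TCP) proxy, shown here as an added example that is not part of the original post or of the linked blog. The host name `dc1.example.internal` and the CA bundle path are placeholders, and a build with `--with-stream` and `--with-stream_ssl_module` is assumed.

```nginx
# Added example: plaintext LDAP on loopback in, verified LDAPS out.
# Host name and file path below are placeholders, not values from the post.
#
# stream {} is a top-level block in nginx.conf, a sibling of http {},
# and cannot be nested inside http {} or a location {}.
stream {
    server {
        # Bind to loopback only, so the unencrypted LDAP leg (including
        # simple-bind passwords) never leaves the host.
        listen 127.0.0.1:389;

        # Upstream directory server on the LDAPS port.
        proxy_pass dc1.example.internal:636;

        # Wrap the upstream connection in TLS.
        proxy_ssl on;

        # proxy_ssl_verify defaults to off. With it off the tunnel is
        # encrypted but the server is not authenticated, so an on-path
        # host could answer as the directory. Turn it on and pin the
        # issuing CA.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;

        # Name checked against the server certificate, also sent as SNI.
        proxy_ssl_name dc1.example.internal;
        proxy_ssl_server_name on;

        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # LDAP clients often hold connections open; give idle sessions
        # a bounded lifetime.
        proxy_connect_timeout 5s;
        proxy_timeout 10m;

        # No ssl_certificate / ssl_certificate_key here: those belong to a
        # listener that terminates TLS (listen ... ssl). A client
        # certificate presented to the upstream would instead use
        # proxy_ssl_certificate and proxy_ssl_certificate_key.
    }
}
```

With this in place the apps would point their LDAP URL at `ldap://127.0.0.1:389`, and `nginx -t` checks that every directive sits in a context where it is allowed.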